add link to key attestation library

Daniel Micay 2023-12-22 10:10:13 -05:00
parent b96df9c32f
commit 4eb320eca9

@ -57,14 +57,15 @@
with hardware attestation and fall back to the Play Integrity API or do both and with hardware attestation and fall back to the Play Integrity API or do both and
accept either passing as success.</p> accept either passing as success.</p>
<p>Our <a href="https://github.com/GrapheneOS/Auditor">MIT / Apache 2 licensed Auditor <p>Google provides a <a href="https://github.com/google/android-key-attestation">key
app</a> can be used a reference implementation for verifying hardware-based attestation library</a> with examples. Our <a href="https://github.com/GrapheneOS/Auditor">MIT
attestations. There are some subtleties in the verification process such as making / Apache 2 licensed Auditor app</a> can be used a reference implementation for
sure only the 2nd certificate in the chain (the one signing the certificate for the verifying hardware-based attestations. There are some subtleties in the verification
key generated by your app) has an attestation extension to prevent making a fake process such as making sure only the 2nd certificate in the chain (the one signing the
attestation by extending the chain. You can reuse our code and simply omit support for certificate for the key generated by your app) has an attestation extension to prevent
an app generated attestation signing key (attest key) and the other pinning making a fake attestation by extending the chain. You can reuse our code and simply
support.</p> omit support for an app generated attestation signing key (attest key) and the other
pinning support.</p>
<p>After verifying the signature of the attestation certificate chain and extracting <p>After verifying the signature of the attestation certificate chain and extracting
the attestation metadata, you can enforce that <code>verifiedBootState</code> is the attestation metadata, you can enforce that <code>verifiedBootState</code> is
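Review bot: the added sentence linking Google's key attestation library, at the start of the paragraph, runs straight into "There are some subtleties in the verification process" without saying whether that library and its examples handle those checks or whether they remain the caller's job. Consider adding a clause that says which, so a reader who picks the library over Auditor knows whether to implement the chain check (only the 2nd certificate carrying an attestation extension) themselves. The reflowed text also still reads "can be used a reference implementation", which is missing "as" and could be fixed while the paragraph is being rewrapped.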